Digital ID: Public Consultation Debate

Full Debate: Read Full Debate
Department: Leader of the House

Earl of Courtown

Main Page: Earl of Courtown (Conservative - Excepted Hereditary)

Department Debates - View all Earl of Courtown's debates with the Leader of the House


Royal Assent

Digital ID: Public Consultation

Earl of Courtown Excerpts

Crime and Policing Bill
Wednesday 18th March 2026

(1 day, 8 hours ago)

Lords Chamber
Share Debate
Read Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
We want people across Britain to want this system, we want them to be part of it, and we want them to have the opportunity to shape it. This consultation is that opportunity. I look forward to the involvement of Members from across the House and of our constituents. I thank my honourable friend the Member for Makerfield, Josh Simons, for his work on this issue to date, and the Parliamentary Secretary for the Cabinet Office, my honourable friend the Member for Bury North, Mr Frith, for all the work that he will now do to make this a reality—for which I will take the credit if it goes well, and he the blame if it goes wrong. I commend this Statement to the House”.
Earl of Courtown Portrait The Earl of Courtown (Con)
- View Speech - Hansard -
-

My Lords, this Statement was delivered just one week ago and has already run into some serious difficulty. Reports in the press suggest that both the Health Secretary and the Education Secretary have made it clear that their departments will not provide some of the data required for the scheme. If that is correct, it raises a fundamental question: can this policy get off the ground?

The Chief Secretary to the Prime Minister announced that the Government sought to introduce a digital ID system that would allow individuals to log into the GOV.UK app to verify their identity. He said that

“unlike an ordinary login, digital ID will work across different departments … so you can access all of the services you need in one place”.

Yet it now appears that health and education—two of the areas where one might reasonably expect such assistance to be most useful—may not be included at all. The Chief Secretary stated that

“digital ID will, over time, bring all other public services into one app”

on your mobile phone. If that is the ambition, these reports raise serious questions about whether the Government’s own departments are prepared to make that vision a reality.

This proposal raises serious questions about accessibility. Noble Lords will know that when government services move online and on to apps, they do not always become simpler or easier to use. Often, the opposite is true. These systems can take years to refine. The user experience can be poor and tasks that were once straightforward become frustratingly complex. Take, for example, the process of verifying an identity with Companies House through the GOV.UK website. What would once have been completed in minutes can now take much longer, as users work their way through help pages, chatbots, online forms and endless CAPTCHA boxes. The current state of the Government’s digital infrastructure does not inspire great confidence that this scheme will deliver the outcomes Ministers promise.

If the ambition is to move large parts of the state on to a single digital platform, the issue of digital exclusion cannot be ignored. We can already see this in practice. Many now struggle to use the NHS app. Increasingly, patients must complete online forms or digital triage systems before they can book a GP appointment, resulting in delays in access to care.

We on these Benches also harbour concerns as to whether the system will truly remain voluntary. The Chief Secretary said:

“For those who really do not wish to, traditional routes will … still be made available”.


This assurance ignores that some people will genuinely struggle to use the new system rather than just being refuseniks. It is also unclear what this means in practice. The Chief Secretary did not guarantee that traditional routes will remain available to the same extent that they are today. People will naturally worry that, over time, this could lead to a real-term reduction in those routes, with fewer alternatives for those who cannot or do not wish to use the digital system.

I ask the Minister for clarity. Can he confirm that this policy will not result in any reduction in access to public services for those who either cannot or do not wish to use the digital ID system? Can he also confirm that the introduction of this scheme will not lead to any reduction in the availability of existing processes in departments or services that adopt this digital ID route?

I turn to the GOV.UK One Login system. How many public services now require systems to use GOV.UK One Login as a mandatory gateway rather than an option? How many of the National Cyber Security Centre’s 39 cyber assessment framework outcomes does One Login currently meet, and which does it not?

Can the Minister also say what whistleblowing concerns have been raised since 2022 about security clearances, administrator access, overseas development and undetected red team intrusions? What security incidents have occurred? Has any personal data been compromised?

These questions were asked in a UQ in January. I am concerned by the lack of detail in the Minister’s response. I hope the Minister can reply more fully this time. If not, I hope he will write to clarify these points.

I appreciate that the Government have opened a public consultation, but these questions are immediately obvious to us—and, I hope, to the Government. I look forward to the Minister’s response.

Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- View Speech - Hansard -
- - Excerpts

My Lords, I thank the Minister for this opportunity to respond to last week’s Statement and, indeed, for his personal engagement with us at that time.

The Chief Secretary told the Commons on Tuesday that he was continuing the proud Labour tradition of building public services for the many. He invoked the NHS, the Open University and Sure Start. It was a stirring lineage. But there is history he omitted: Verify, which wasted over £220 million; GOV.UK One Login, for which the Cabinet Office sought up to £400 million; and now this national digital ID, which the OBR estimates will cost £1.8 billion over three years. This, indeed, is Verify 4.0.

The Government have confirmed that possession of a digital identity will not be compulsory. We on these Benches opposed mandatory digital ID at every turn, and I am pleased to say that the Government have listened. My honourable friend Lisa Smart MP pressed the Chief Secretary directly in the Commons last week and received his wholehearted assurance. He continued to claim that using digital ID will be entirely optional. So, I ask the Minister in this House, will the voluntary character of this scheme be placed in the Bill the Government intend to bring forward later this year? How can we trust any Government on how personal data, once surrendered to the state, will actually be used?

Earlier this month, this House considered an amendment to the Crime and Policing Bill, tabled by my noble friend Lady Doocey, which sought to prohibit police from using DVLA driving licence images for facial recognition searches. The DVLA holds over 55 million records. Every driver provided their photograph for one purpose only: to hold a driving licence. They did not consent to their image becoming part of what Liberty has rightly described as the largest biometric database for police access ever created in the United Kingdom. Yet the noble Lord, Lord Hanson of Flint, the Home Office Minister, did not accept the amendment and confirmed at all stages that the express purpose of Clause 138 of the Bill is precisely to permit facial recognition searches of DVLA records. So, within a single parliamentary week, we have a Government launching a national digital identity consultation on the basis of assurances about data use, while declining to place in statute the very protections that would make such assurances meaningful. The question is not whether the Government intend that digital ID will become an instrument of surveillance, but whether a future Government could.

The Chief Secretary said that he wants security at least as strong as online banking. That is the right aspiration, but, as mentioned by the noble Earl, GOV.UK One Login, the umbrella infrastructure for this system, reportedly satisfied only 21 out of 39 security outcomes required by the National Cyber Security Centre. Whistleblowers have described vulnerabilities that allow unauthorised access to sensitive functions without triggering any alert. How can the Government justify launching a national identity solution on a platform that fails to meet nearly half the NCSC’s mandatory security outcomes?

In part two of the Fisher review, published in January, Jonathan Fisher KC warned that AI-driven impersonation at scale is now a defining crime of our age and that we must implement upstream measures—stopping fraud at the point of identity issuance, not reacting after a digital identity has been stolen. If our foundations currently satisfy barely half the required security outcomes, how do we deliver the upstream protection Mr Fisher demands?

Will the Government commission and publish a full NCSC security audit before a single citizen is enrolled? Will they introduce an offence of digital identity theft that they, along with the previous Conservative Government, have so far resisted? The consultation proposes a universal unique identifier to link citizens across every departmental silo. Without strict legal guardrails, that identifier is the functional infrastructure of the national identity register that Parliament voted to abolish in 2011, and it is precisely the centralised data honeypot that hostile state actors would most wish to compromise. We need not mere parliamentary approval for services added to the app, but a statutory prohibition on bulk data matching across departments.

In summary, I put four questions to the Minister. First, will the voluntary character of this scheme be placed in primary legislation, with an explicit prohibition on any future mandatory requirement without a further Act of Parliament? In that context, and as the noble Earl has mentioned, how mindful are the Government of the possible consequences for digital inclusion? Secondly, the Home Office’s assurances on DVLA facial recognition mirrored word for word those given by the previous Government. Before the Minister can confirm the opposite, what statutory purpose limitation on digital identity data will be placed beyond the reach of secondary legislation? Thirdly, will the Government provide a statutory guarantee that the universal unique identifier cannot be used for bulk data matching across departments without primary legislation? Finally, will the Government publish an independently verified cost-benefit analysis before the Bill is introduced, and explain why £1.8 billion would not deliver greater public benefit directed to the NHS and front-line policing, for instance?

The Chief Secretary asked what it is that critics fear from a public consultation. We do not fear the consultation; what we fear is a fourth cycle of the same expensive failure, grand ambitions and insecure foundations—a creeping identifier that becomes the digital spine of state surveillance. But what we fear above all is a system whose data acquires uses never publicly intended by its creators. We have just watched that happen in this very Chamber with the DVLA database of images. We on these Benches will support voluntary, secure, properly costed modernisation of public services, but we will not accept warm ministerial words as a substitute for hard legislative limits. We need a state that is not merely digital by choice today but constitutionally prohibited from becoming compulsory tomorrow. On the evidence of this and last week’s proceedings, we are very far from that guarantee.

Return to start of debate - Return to top of page